package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

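/**
 * Demonstrates a precompiled (parameterized) SQL statement used for a login check.
 *
 * <p>Where a SQL statement depends on variable values, {@code ?} placeholders stand in for
 * them and the values are bound separately with {@code setString}. The user-supplied text is
 * never concatenated into the SQL string, so it is treated as data rather than SQL syntax,
 * which is what closes the SQL-injection hole in the username and password fields.
 */
public class JDBCDemo7 {
    /**
     * Obtains a {@code UserInfo} from {@code InputUtil.getInputObject}, looks for a row in
     * {@code userinfo} whose username and password both match, and prints the login result.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // InputUtil and UserInfo are defined elsewhere in the project; presumably this prompts
        // the user for the login fields. TODO confirm.
        UserInfo userInfo = InputUtil.getInputObject(new UserInfo(), "用户登录", "登录");

        // NOTE(review): the supplied password is compared directly with the stored column, which
        // suggests passwords are kept in a directly comparable (likely plaintext) form. Confirm,
        // and if so store a salted password hash (bcrypt/scrypt/argon2) and verify it in
        // application code. The id/nickname/password/age columns are fetched but never read;
        // only the existence of a row is used.
        String sql = "SELECT id,username,nickname,password,age FROM userinfo WHERE username=? AND password=?";

        // The statement is declared in the resource list so it is closed deterministically
        // instead of relying on the connection's close to release it.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            // Bind values by position; the driver sends them as parameters, not as SQL text.
            ps.setString(1, userInfo.getUsername());
            ps.setString(2, userInfo.getPassword());

            // The result set gets its own scope for the same reason as the statement above.
            try (ResultSet rs = ps.executeQuery()) {
                // A single message covers both "unknown user" and "wrong password", so the
                // output does not reveal which usernames exist.
                System.out.println(rs.next() ? "登录成功" : "登录失败");
            }
        } catch (Exception e) {
            // Demo-level handling. A stack trace can expose SQL and schema details, so a real
            // login path should log through a logger and show the user a generic failure.
            e.printStackTrace();
        }
    }
}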
